From 19a29ba848ac66fedbbb7059df09f93675e48a26 Mon Sep 17 00:00:00 2001
From: Urban Müller
Date: Fri, 16 Feb 2024 16:00:45 +0100
Subject: with EDC(text), no need to mark using html the values in T(), they are guaranteed safe. fixes validation when values inserted into non-html places like href=
---
 auto_prepend.php | 2 +-
 it_text.class | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/auto_prepend.php b/auto_prepend.php
index d961a7b..2becb66 100644
--- a/auto_prepend.php
+++ b/auto_prepend.php
@@ -74,7 +74,7 @@ function T($label, $language = null, $values = null)
 if (is_array($language)) # Need to swap params?
 list($language, $values) = array($values, $language);
- return $GLOBALS['it_text']->etext($label, array_map(array("it_html", "Q"), (array)$values), $language);
+ return $GLOBALS['it_text']->etext($label, array_map(array("it_html", "Q"), (array)$values), $language, false);
 }
 /**
diff --git a/it_text.class b/it_text.class
index 04291df..e08fff0 100644
--- a/it_text.class
+++ b/it_text.class
@@ -162,9 +162,9 @@ function text($label, $language = null)
 /**
 * INTERNAL function for ET(): Return translated text with values replaced
 */
-function etext($label, $values = null, $language = null)
+function etext($label, $values = null, $language = null, $allowmarking = true)
 {
- return self::transmogrify($this->text($label, $language), $values, $label, $this->allowedfuncs);
+ return self::transmogrify($this->text($label, $language), $values, $label, $this->allowedfuncs, $allowmarking);
 }
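Review bot: The `array_map(array("it_html", "Q"), (array)$values)` call in `T()` (auto_prepend.php) makes the values safe for HTML text at best, which is a narrower guarantee than the `href=` case named in the commit message needs. Presumably `Q` only entity-encodes, so a value that carries its own URL scheme would pass through unchanged. A comment on the return line stating the contract would help, e.g. `# values are Q()-escaped for HTML only; callers placing them in href= must validate the URL themselves`. The bare trailing `false` would also read better with its meaning noted, `# false: no debug_texts marking`. The body of `T()` starts above the hunk.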
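Review bot: The docblock above `etext()` in it_text.class still describes only the old behaviour; the new `$allowmarking` parameter is undocumented there and again on `transmogrify()` in the following hunk. A line such as ` * $allowmarking: false suppresses the debug_texts marking of replaced values (used by T())` in both docblocks would tell callers when passing `false` is appropriate. Because it is a trailing positional boolean, it is also worth stating that it only affects debug output and does not change escaping, so it is not mistaken for an escaping switch.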
@@ -223,8 +223,10 @@ function set($label, $text = null, $language = null)
 * Replaces variables of the form {obj.var} with value from $values, e.g. {user.name}, or result of a func, e.g. {LU(//www/terms)}
 * NOTE: Invalid object names or non-existing variables are simply deleted.
 */
-static function transmogrify($text, $values = null, $label = null, $allowedfuncs = null)
+static function transmogrify($text, $values = null, $label = null, $allowedfuncs = null, $allowmarking = true)
 {
+# EDC('u', $allowmarking, $text);
+
 foreach (preg_split('#{([^}]*)}#', $text, -1, PREG_SPLIT_DELIM_CAPTURE) as $i => $part)
 {
 if ($i % 2) # odd offsets are delimiters, i.e. braces to be replaced
@@ -242,7 +244,7 @@ static function transmogrify($text, $values = null, $label = null, $allowedfuncs
 else
 $value = (list($func, $arg) = it::match('^([\w:]+)\((.*)\)$', $part)) && isset($allowedfuncs[$func]) ? $func($arg) : "{" . $part . "}";
- $result .= $GLOBALS['debug_texts'] ? "$value" : $value;
+ $result .= $GLOBALS['debug_texts'] && $allowmarking ? "$value" : $value;
 }
 else
 $result .= $part;
--
cgit v1.2.3
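Review bot: The added line `# EDC('u', $allowmarking, $text);` at the top of `transmogrify()` is a commented-out debug call and should not ship with the change; drop it together with the blank `+` line that follows it. If the trace is meant to stay available, a one-line comment saying what it is for would serve better than a dead call. The function body continues past the end of this hunk.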
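Review bot: With `$allowmarking` defaulting to `true`, the changed `$result .=` line exempts only `T()`; every other caller of `etext()` or `transmogrify()` still has its values wrapped in debug markup whenever `$GLOBALS['debug_texts']` is set, including values that end up in `href=` or other attributes. If validation in debug mode matters for those paths, they need to pass `false` as well, or the marking has to move to a place that knows the output context. Separately, the condition reads `$GLOBALS['debug_texts']` without a guard, which raises an undefined-key warning on PHP 8 unless the key is always initialised elsewhere; `!empty($GLOBALS['debug_texts']) && $allowmarking` avoids that. The enclosing `foreach` body starts and ends outside the hunk.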